[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   78.630722][   T27] audit: type=1800 audit(1579612370.613:25): pid=9353 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   78.663319][   T27] audit: type=1800 audit(1579612370.613:26): pid=9353 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   78.704318][   T27] audit: type=1800 audit(1579612370.613:27): pid=9353 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  103.338169][ T9507] IPVS: ftp: loaded support on port[0] = 21
[  103.368046][ T9507] ==================================================================
[  103.376509][ T9507] BUG: KASAN: slab-out-of-bounds in __nla_put_nohdr+0x46/0x50
[  103.384085][ T9507] Read of size 12 at addr ffff888096ff0780 by task syz-executor696/9507
[  103.392477][ T9507] 
[  103.394931][ T9507] CPU: 0 PID: 9507 Comm: syz-executor696 Not tainted 5.5.0-rc6-syzkaller #0
[  103.403642][ T9507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  103.413684][ T9507] Call Trace:
[  103.416971][ T9507]  dump_stack+0x197/0x210
[  103.421356][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  103.426142][ T9507]  print_address_description.constprop.0.cold+0xd4/0x30b
[  103.433159][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  103.437920][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  103.442672][ T9507]  __kasan_report.cold+0x1b/0x41
[  103.447599][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  103.452354][ T9507]  kasan_report+0x12/0x20
[  103.456679][ T9507]  check_memory_region+0x134/0x1a0
[  103.461777][ T9507]  memcpy+0x24/0x50
[  103.465585][ T9507]  __nla_put_nohdr+0x46/0x50
[  103.470162][ T9507]  nla_put_nohdr+0xf9/0x140
[  103.474667][ T9507]  tcf_em_tree_dump+0x67e/0x960
[  103.479524][ T9507]  ? tcf_em_lookup+0x150/0x150
[  103.484392][ T9507]  ? __nla_put_64bit+0x37/0x40
[  103.489168][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.495526][ T9507]  ? tcf_exts_dump+0xa2/0x5a0
[  103.500229][ T9507]  basic_dump+0x379/0x690
[  103.504803][ T9507]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  103.511032][ T9507]  ? basic_bind_class+0xb0/0xb0
[  103.516158][ T9507]  ? memcpy+0x46/0x50
[  103.520616][ T9507]  ? nla_put+0x110/0x150
[  103.524854][ T9507]  ? basic_bind_class+0xb0/0xb0
[  103.529699][ T9507]  tcf_fill_node+0x58b/0x970
[  103.534286][ T9507]  ? tcf_get_next_chain+0x50/0x50
[  103.539308][ T9507]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  103.544847][ T9507]  ? basic_init+0x1f0/0x1f0
[  103.549362][ T9507]  tfilter_notify+0x134/0x290
[  103.554055][ T9507]  tc_new_tfilter+0xc18/0x2590
[  103.558818][ T9507]  ? basic_init+0x1f0/0x1f0
[  103.563315][ T9507]  ? tc_del_tfilter+0x1560/0x1560
[  103.568393][ T9507]  ? __kasan_check_read+0x11/0x20
[  103.573407][ T9507]  ? __lock_acquire+0x8a0/0x4a00
[  103.578367][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.584607][ T9507]  ? rtnetlink_rcv_msg+0x7e3/0xaf0
[  103.589708][ T9507]  ? find_held_lock+0x35/0x130
[  103.594509][ T9507]  ? rcu_read_lock_held_common+0x130/0x130
[  103.600305][ T9507]  ? tc_del_tfilter+0x1560/0x1560
[  103.605356][ T9507]  ? __kasan_check_read+0x11/0x20
[  103.610456][ T9507]  ? tc_del_tfilter+0x1560/0x1560
[  103.615481][ T9507]  rtnetlink_rcv_msg+0x824/0xaf0
[  103.620406][ T9507]  ? rtnl_bridge_getlink+0x910/0x910
[  103.625682][ T9507]  ? lock_downgrade+0x920/0x920
[  103.630728][ T9507]  ? netlink_deliver_tap+0x228/0xbe0
[  103.636011][ T9507]  ? find_held_lock+0x35/0x130
[  103.640773][ T9507]  netlink_rcv_skb+0x177/0x450
[  103.645535][ T9507]  ? rtnl_bridge_getlink+0x910/0x910
[  103.650846][ T9507]  ? netlink_ack+0xb50/0xb50
[  103.655440][ T9507]  ? __kasan_check_read+0x11/0x20
[  103.660516][ T9507]  ? netlink_deliver_tap+0x24a/0xbe0
[  103.665798][ T9507]  rtnetlink_rcv+0x1d/0x30
[  103.670214][ T9507]  netlink_unicast+0x58c/0x7d0
[  103.674969][ T9507]  ? netlink_attachskb+0x870/0x870
[  103.680070][ T9507]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  103.685780][ T9507]  ? __check_object_size+0x3d/0x437
[  103.691013][ T9507]  netlink_sendmsg+0x91c/0xea0
[  103.695839][ T9507]  ? netlink_unicast+0x7d0/0x7d0
[  103.700776][ T9507]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  103.706327][ T9507]  ? apparmor_socket_sendmsg+0x2a/0x30
[  103.711781][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.718015][ T9507]  ? security_socket_sendmsg+0x8d/0xc0
[  103.723573][ T9507]  ? netlink_unicast+0x7d0/0x7d0
[  103.728686][ T9507]  sock_sendmsg+0xd7/0x130
[  103.733095][ T9507]  ____sys_sendmsg+0x753/0x880
[  103.737852][ T9507]  ? kernel_sendmsg+0x50/0x50
[  103.742539][ T9507]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  103.748070][ T9507]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  103.754052][ T9507]  ? __lock_acquire+0x16f2/0x4a00
[  103.759078][ T9507]  ___sys_sendmsg+0x100/0x170
[  103.763747][ T9507]  ? sendmsg_copy_msghdr+0x70/0x70
[  103.768847][ T9507]  ? lock_downgrade+0x920/0x920
[  103.773747][ T9507]  ? __kasan_check_read+0x11/0x20
[  103.778763][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.785030][ T9507]  ? __fget_light+0x1a9/0x230
[  103.789697][ T9507]  ? __fdget+0x1b/0x20
[  103.793895][ T9507]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  103.800313][ T9507]  __sys_sendmsg+0x105/0x1d0
[  103.805322][ T9507]  ? __sys_sendmsg_sock+0xc0/0xc0
[  103.810346][ T9507]  ? down_read_non_owner+0x490/0x490
[  103.815716][ T9507]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  103.821257][ T9507]  ? do_syscall_64+0x26/0x790
[  103.825924][ T9507]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.831999][ T9507]  ? do_syscall_64+0x26/0x790
[  103.836673][ T9507]  __x64_sys_sendmsg+0x78/0xb0
[  103.841585][ T9507]  do_syscall_64+0xfa/0x790
[  103.846131][ T9507]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.852134][ T9507] RIP: 0033:0x440dd9
[  103.856026][ T9507] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  103.875853][ T9507] RSP: 002b:00007ffd12f770f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  103.884478][ T9507] RAX: ffffffffffffffda RBX: 00000000004a25b0 RCX: 0000000000440dd9
[  103.892446][ T9507] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  103.900558][ T9507] RBP: 00000000006cc018 R08: 0000000120080522 R09: 0000000120080522
[  103.908776][ T9507] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004022e0
[  103.916790][ T9507] R13: 0000000000402370 R14: 0000000000000000 R15: 0000000000000000
[  103.924790][ T9507] 
[  103.927155][ T9507] Allocated by task 9507:
[  103.931484][ T9507]  save_stack+0x23/0x90
[  103.935675][ T9507]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  103.941295][ T9507]  kasan_kmalloc+0x9/0x10
[  103.945614][ T9507]  __kmalloc_track_caller+0x15f/0x760
[  103.951023][ T9507]  kmemdup+0x27/0x60
[  103.954911][ T9507]  em_nbyte_change+0xd6/0x150
[  103.959661][ T9507]  tcf_em_tree_validate+0x9b5/0xf3c
[  103.964896][ T9507]  basic_change+0x513/0x14a0
[  103.969472][ T9507]  tc_new_tfilter+0xbbd/0x2590
[  103.974225][ T9507]  rtnetlink_rcv_msg+0x824/0xaf0
[  103.979321][ T9507]  netlink_rcv_skb+0x177/0x450
[  103.984072][ T9507]  rtnetlink_rcv+0x1d/0x30
[  103.988479][ T9507]  netlink_unicast+0x58c/0x7d0
[  103.993234][ T9507]  netlink_sendmsg+0x91c/0xea0
[  103.998088][ T9507]  sock_sendmsg+0xd7/0x130
[  104.002640][ T9507]  ____sys_sendmsg+0x753/0x880
[  104.007398][ T9507]  ___sys_sendmsg+0x100/0x170
[  104.012187][ T9507]  __sys_sendmsg+0x105/0x1d0
[  104.017733][ T9507]  __x64_sys_sendmsg+0x78/0xb0
[  104.022842][ T9507]  do_syscall_64+0xfa/0x790
[  104.027360][ T9507]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.033243][ T9507] 
[  104.035662][ T9507] Freed by task 4365:
[  104.039638][ T9507]  save_stack+0x23/0x90
[  104.043785][ T9507]  __kasan_slab_free+0x102/0x150
[  104.048711][ T9507]  kasan_slab_free+0xe/0x10
[  104.053207][ T9507]  kfree+0x10a/0x2c0
[  104.057110][ T9507]  tomoyo_check_open_permission+0x19e/0x3e0
[  104.063000][ T9507]  tomoyo_file_open+0xa9/0xd0
[  104.067720][ T9507]  security_file_open+0x71/0x300
[  104.072744][ T9507]  do_dentry_open+0x37a/0x1380
[  104.077528][ T9507]  vfs_open+0xa0/0xd0
[  104.081499][ T9507]  path_openat+0x118b/0x3180
[  104.086083][ T9507]  do_filp_open+0x1a1/0x280
[  104.090572][ T9507]  do_sys_open+0x3fe/0x5d0
[  104.094975][ T9507]  __x64_sys_open+0x7e/0xc0
[  104.100047][ T9507]  do_syscall_64+0xfa/0x790
[  104.104550][ T9507]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.110697][ T9507] 
[  104.113021][ T9507] The buggy address belongs to the object at ffff888096ff0780
[  104.113021][ T9507]  which belongs to the cache kmalloc-32 of size 32
[  104.126905][ T9507] The buggy address is located 0 bytes inside of
[  104.126905][ T9507]  32-byte region [ffff888096ff0780, ffff888096ff07a0)
[  104.140125][ T9507] The buggy address belongs to the page:
[  104.145821][ T9507] page:ffffea00025bfc00 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff888096ff0fc1
[  104.156386][ T9507] raw: 00fffe0000000200 ffffea000253ec08 ffff8880aa401238 ffff8880aa4001c0
[  104.164964][ T9507] raw: ffff888096ff0fc1 ffff888096ff0000 0000000100000030 0000000000000000
[  104.173535][ T9507] page dumped because: kasan: bad access detected
[  104.179962][ T9507] 
[  104.182277][ T9507] Memory state around the buggy address:
[  104.187935][ T9507]  ffff888096ff0680: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[  104.196168][ T9507]  ffff888096ff0700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  104.204335][ T9507] >ffff888096ff0780: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[  104.212434][ T9507]                    ^
[  104.216503][ T9507]  ffff888096ff0800: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  104.224558][ T9507]  ffff888096ff0880: 00 00 00 00 fc fc fc fc 00 00 fc fc fc fc fc fc
[  104.232661][ T9507] ==================================================================
[  104.240720][ T9507] Disabling lock debugging due to kernel taint
[  104.247812][ T9507] Kernel panic - not syncing: panic_on_warn set ...
[  104.254421][ T9507] CPU: 0 PID: 9507 Comm: syz-executor696 Tainted: G    B             5.5.0-rc6-syzkaller #0
[  104.264554][ T9507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  104.274739][ T9507] Call Trace:
[  104.278020][ T9507]  dump_stack+0x197/0x210
[  104.282471][ T9507]  panic+0x2e3/0x75c
[  104.286366][ T9507]  ? add_taint.cold+0x16/0x16
[  104.291089][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  104.295901][ T9507]  ? preempt_schedule+0x4b/0x60
[  104.300738][ T9507]  ? ___preempt_schedule+0x16/0x18
[  104.305871][ T9507]  ? trace_hardirqs_on+0x5e/0x240
[  104.311064][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  104.315905][ T9507]  end_report+0x47/0x4f
[  104.320045][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  104.324798][ T9507]  __kasan_report.cold+0xe/0x41
[  104.329670][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  104.334430][ T9507]  kasan_report+0x12/0x20
[  104.338753][ T9507]  check_memory_region+0x134/0x1a0
[  104.343856][ T9507]  memcpy+0x24/0x50
[  104.347657][ T9507]  __nla_put_nohdr+0x46/0x50
[  104.352362][ T9507]  nla_put_nohdr+0xf9/0x140
[  104.356990][ T9507]  tcf_em_tree_dump+0x67e/0x960
[  104.362189][ T9507]  ? tcf_em_lookup+0x150/0x150
[  104.366955][ T9507]  ? __nla_put_64bit+0x37/0x40
[  104.371709][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.377939][ T9507]  ? tcf_exts_dump+0xa2/0x5a0
[  104.382615][ T9507]  basic_dump+0x379/0x690
[  104.387061][ T9507]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  104.393034][ T9507]  ? basic_bind_class+0xb0/0xb0
[  104.397965][ T9507]  ? memcpy+0x46/0x50
[  104.401941][ T9507]  ? nla_put+0x110/0x150
[  104.406183][ T9507]  ? basic_bind_class+0xb0/0xb0
[  104.411122][ T9507]  tcf_fill_node+0x58b/0x970
[  104.415702][ T9507]  ? tcf_get_next_chain+0x50/0x50
[  104.420713][ T9507]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  104.426245][ T9507]  ? basic_init+0x1f0/0x1f0
[  104.430740][ T9507]  tfilter_notify+0x134/0x290
[  104.435409][ T9507]  tc_new_tfilter+0xc18/0x2590
[  104.440316][ T9507]  ? basic_init+0x1f0/0x1f0
[  104.444809][ T9507]  ? tc_del_tfilter+0x1560/0x1560
[  104.449826][ T9507]  ? __kasan_check_read+0x11/0x20
[  104.455089][ T9507]  ? __lock_acquire+0x8a0/0x4a00
[  104.460014][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.466245][ T9507]  ? rtnetlink_rcv_msg+0x7e3/0xaf0
[  104.471466][ T9507]  ? find_held_lock+0x35/0x130
[  104.476221][ T9507]  ? rcu_read_lock_held_common+0x130/0x130
[  104.482215][ T9507]  ? tc_del_tfilter+0x1560/0x1560
[  104.487484][ T9507]  ? __kasan_check_read+0x11/0x20
[  104.492514][ T9507]  ? tc_del_tfilter+0x1560/0x1560
[  104.497542][ T9507]  rtnetlink_rcv_msg+0x824/0xaf0
[  104.502476][ T9507]  ? rtnl_bridge_getlink+0x910/0x910
[  104.507928][ T9507]  ? lock_downgrade+0x920/0x920
[  104.512778][ T9507]  ? netlink_deliver_tap+0x228/0xbe0
[  104.518057][ T9507]  ? find_held_lock+0x35/0x130
[  104.523106][ T9507]  netlink_rcv_skb+0x177/0x450
[  104.527993][ T9507]  ? rtnl_bridge_getlink+0x910/0x910
[  104.533278][ T9507]  ? netlink_ack+0xb50/0xb50
[  104.537873][ T9507]  ? __kasan_check_read+0x11/0x20
[  104.543183][ T9507]  ? netlink_deliver_tap+0x24a/0xbe0
[  104.548625][ T9507]  rtnetlink_rcv+0x1d/0x30
[  104.553033][ T9507]  netlink_unicast+0x58c/0x7d0
[  104.557800][ T9507]  ? netlink_attachskb+0x870/0x870
[  104.563164][ T9507]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  104.568885][ T9507]  ? __check_object_size+0x3d/0x437
[  104.574077][ T9507]  netlink_sendmsg+0x91c/0xea0
[  104.579017][ T9507]  ? netlink_unicast+0x7d0/0x7d0
[  104.584132][ T9507]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  104.589671][ T9507]  ? apparmor_socket_sendmsg+0x2a/0x30
[  104.595447][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.601759][ T9507]  ? security_socket_sendmsg+0x8d/0xc0
[  104.607614][ T9507]  ? netlink_unicast+0x7d0/0x7d0
[  104.612553][ T9507]  sock_sendmsg+0xd7/0x130
[  104.616963][ T9507]  ____sys_sendmsg+0x753/0x880
[  104.621934][ T9507]  ? kernel_sendmsg+0x50/0x50
[  104.626604][ T9507]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  104.632175][ T9507]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  104.638274][ T9507]  ? __lock_acquire+0x16f2/0x4a00
[  104.643677][ T9507]  ___sys_sendmsg+0x100/0x170
[  104.648373][ T9507]  ? sendmsg_copy_msghdr+0x70/0x70
[  104.653478][ T9507]  ? lock_downgrade+0x920/0x920
[  104.658321][ T9507]  ? __kasan_check_read+0x11/0x20
[  104.663495][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.670000][ T9507]  ? __fget_light+0x1a9/0x230
[  104.674665][ T9507]  ? __fdget+0x1b/0x20
[  104.678734][ T9507]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  104.684976][ T9507]  __sys_sendmsg+0x105/0x1d0
[  104.689634][ T9507]  ? __sys_sendmsg_sock+0xc0/0xc0
[  104.694763][ T9507]  ? down_read_non_owner+0x490/0x490
[  104.700052][ T9507]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  104.705795][ T9507]  ? do_syscall_64+0x26/0x790
[  104.710665][ T9507]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.716843][ T9507]  ? do_syscall_64+0x26/0x790
[  104.721668][ T9507]  __x64_sys_sendmsg+0x78/0xb0
[  104.726586][ T9507]  do_syscall_64+0xfa/0x790
[  104.731082][ T9507]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.737117][ T9507] RIP: 0033:0x440dd9
[  104.741015][ T9507] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  104.761385][ T9507] RSP: 002b:00007ffd12f770f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  104.769906][ T9507] RAX: ffffffffffffffda RBX: 00000000004a25b0 RCX: 0000000000440dd9
[  104.777936][ T9507] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  104.786049][ T9507] RBP: 00000000006cc018 R08: 0000000120080522 R09: 0000000120080522
[  104.794015][ T9507] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004022e0
[  104.802131][ T9507] R13: 0000000000402370 R14: 0000000000000000 R15: 0000000000000000
[  104.812089][ T9507] Kernel Offset: disabled
[  104.816436][ T9507] Rebooting in 86400 seconds..